This chapter is from the book

There are many components that make up Active Directory, and it is critical
that you understand these components and the concepts surrounding them. In later
chapters, you will learn how and why to create these components.

This chapter describes some of the most critical components in Active Directory,
as well as Microsoft's recommendations for their use. These components
need to be thought out beforehand, as they can have a serious impact on the
function and performance of your Active Directory. Some of these components
include

DNS and the domain namespace

Domains

Forests

Trees

Sites

Domain Namespace

All hosts on a TCP/IP-based network must have a valid and unique IP address.
An IP address is a 32-bit binary number. It is represented using dotted decimal
notation, such as 192.168.0.1. As you can imagine, most humans cannot remember
many IP addresses.

DNS was implemented to make the TCP/IP networking world more user friendly.
DNS allows user-friendly names to be mapped to IP addresses. For example,
instead of trying to remember 192.168.0.1, a DNS mapping (known as a resource
record) could be created stating that COMPUTER1 maps to 192.168.0.1. The user
only needs to know about COMPUTER1, not 192.168.0.1.

Another benefit of DNS is that IP addresses can and do change. The IP address
of COMPUTER1 could change to 192.168.0.37. In this case, the DNS record for
COMPUTER1 would be updated from 192.168.0.1 to 192.168.0.37. The users and
applications would still be looking for the host name COMPUTER1 and thus would
not need to be notified of the change.

DNS is a hierarchical naming system and a distributed database. As you can
see in Figure 3.1, DNS looks much like
an inverted tree. The root of the tree (aptly named "root") is represented
by a period. The root signifies the beginning of the domain namespace. A domain
namespace, in either Active Directory or DNS, defines an area with boundaries
in which any object contained within must adhere to the domain-naming standard.
Objects or hosts that do not adhere to the domain-naming standard will not be
considered to be part of the domain namespace. As a result, they might not be
able to properly access information provided by DNS. For example, when clients
attempt to access Active Directory to perform logons or look up directory information,
they use their domain name to determine their location within Active Directory.
If they are misconfigured, the operation will fail.

Domains are branches off of the root. Figure
3.1 represents the Internet Domain Namespace, where directories below the
root are the main Internet categories, such as COM, NET, and ORG. Domains can
contain hosts, such as computers and servers, and also subdomains. On the Internet,
these subdomains are companies and organizations, such as microsoft.com,
compaq.com, npr.org, and pbs.org.

The Active Directory domain hierarchy uses the same rules and procedures as
DNS to resolve domain and computer names.

For example, an organization named Help and Learn, Inc. is beginning to plan
its implementation of Active Directory. They have two regional divisions in
their organization, called East (representing the East Coast of the United
States) and West (representing the West Coast). Their plan calls for the use of
helpandlearn.com as their domain namespace. All objects within Help and
Learn, Inc.'s Active Directory structure would be within this namespace.
The East and West regions could be implemented as subdomains in Active
Directory. They would be named east.helpandlearn.com and
west.helpandlearn.com. A computer object named LAPTOP1 located in the
east subdomain would have the Active Directory name
laptop1.east.helpandlearn.com.

Possible DNS Names

There are two very important rules when it comes to naming objects in
DNS:

A child domain can have only one parent domain. For example, if the
domain public is a child of microsoft.com, it cannot also be a child of
msn.com. Looking at the FQDNs, this becomes apparent:
public.microsoft.com is not the same domain as
public.msn.com.

Two children of the same parent must have different names. For example,
if two domains are created under the same parent domain, their names must
differ because of the hierarchical DNS structure. Consider the FQDNs
public.microsoft.com and private.microsoft.com: you cannot rename the
private domain to public because public already
exists.

A DNS name consists of different portions separated by periods (.). Each
portion represents a domain or subdomain in the namespace. This is known as an
FQDN (fully qualified domain name).

As in the previous example, a computer named LAPTOP1 in the East subdomain of
Help and Learn, Inc. would have a fully qualified domain name (FQDN) of
laptop1.east.helpandlearn.com.

Reading an FQDN from right to left, one can understand the DNS hierarchy.
com is the root domain; helpandlearn is a subdomain of
com; east is a subdomain of helpandlearn, and so on.
Each domain and subdomain in the hierarchy contains its own portion of the DNS
namespace.

A host's name can also be resolved by using its relative name. The
relative name is simply the host name without the DNS hierarchy. To resolve a
relative host name, the requester must be located in the same domain.

Back to the example, LAPTOP1 is the relative name of
laptop1.east.helpandlearn.com. To query DNS for LAPTOP1 using its
relative name only, the requester would need to be a member of the east
domain.
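The Help and Learn, Inc. namespace, the two naming rules, and FQDN versus relative-name resolution, modelled in a small added example that is not part of the book; the domain tree, the DnsDomain and resolve names, and the IP address are constructed for illustration:

```python
class DnsDomain:
    """A node in the DNS tree; the root has an empty label."""
    def __init__(self, label="", parent=None):
        self.label = label.lower()
        self.parent = parent      # rule 1: a domain has exactly one parent
        self.children = {}
        self.hosts = {}           # host name -> IP address (resource records)

    def add_child(self, label):
        # rule 2: two children of the same parent must have different names
        key = label.lower()
        if key in self.children:
            raise ValueError(f"{label} already exists under {self.fqdn() or 'root'}")
        self.children[key] = DnsDomain(key, self)
        return self.children[key]

    def add_host(self, name, ip):
        self.hosts[name.lower()] = ip

    def fqdn(self):
        # walk up to the root, then join the labels left to right
        labels, node = [], self
        while node.parent is not None:
            labels.append(node.label)
            node = node.parent
        return ".".join(labels)


def resolve(root, name, requester=None):
    """Resolve an FQDN, or a relative host name seen from the requester's domain."""
    name = name.lower().rstrip(".")
    if "." not in name:
        # relative name: only resolvable from inside the requester's own domain
        return requester.hosts.get(name) if requester else None
    host, *labels = name.split(".")
    node = root
    for label in reversed(labels):   # read right to left: com -> helpandlearn -> east
        node = node.children.get(label)
        if node is None:
            return None
    return node.hosts.get(host)


def build_example():
    """The Help and Learn, Inc. namespace; the IP address is constructed."""
    root = DnsDomain()
    hl = root.add_child("com").add_child("helpandlearn")
    east, west = hl.add_child("east"), hl.add_child("west")
    east.add_host("LAPTOP1", "192.168.0.1")
    return root, east, west
```

Resolving LAPTOP1 by its relative name succeeds only when the requester sits in east.helpandlearn.com, while the FQDN resolves from anywhere in the tree.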

Internal Versus External Namespace

If an organization that is implementing Active Directory requires Internet
connectivity, the organization needs to register its root domain name
with one of the Internet naming registrars. Once a unique domain name is registered
(and thus a DNS namespace created), the Active Directory namespace is implemented
as one or more subdomains of the Internet root domain (see Figure
3.2).

If an organization does not require Internet connectivity, the organization
can opt to utilize an internal DNS namespace. It must be noted, however, that Active
Directory does require DNS. Active Directory uses DNS to locate servers and
services within the directory. If the organization opts for an internal DNS
namespace, it must still design and install the internal DNS infrastructure,
including servers, domains, and so on (see Figure
3.3). It is also strongly recommended that the organization still register
its internal and external domain namespace in case of future changes.

One of the most difficult tasks faced by an organization looking to register
an Internet domain name is name availability. Many names have already been registered,
and it may take some creativity to find the name you want, or even a name that
makes sense.

An organization can register its domain name itself or through its
Internet Service Provider (ISP). If it registers the domain name itself,
it can use one of several Internet registrars, such as Network Solutions
(http://www.networksolutions.com).
Network Solutions provides a simple Web-based form where you can enter the
desired domain name. It searches the registration database to determine whether the
domain name is available. If it is, you can proceed to register the name.
If it is not, you are presented with a number of alternative domain names
(see Figure 3.4).

Of course, an organization should also consult its legal department to verify
that the domain name does not infringe on anyone else's copyrights or
trademarks.